By MAXWELL EVANS
Capital News Service
LANSING — Nearly one in five state employees gave out sensitive information to a fake phishing scam, according to a recent report from the Auditor General, and lower levels of government in Michigan appear ill-prepared to prevent tech attacks. The harmless, state-sanctioned “scam” was actually an exercise conducted the Auditor General’s office, a nonpartisan investigative arm of the Legislature. It involved sending emails asking a random sample of 5,000 state workers to click a link and enter their login credentials. This was a classic example of “phishing,” in which email recipients are deceived by someone posing as a legitimate entity, usually to get targets to enter information like passwords or identification. Potential consequences from being “phished” include identity theft, unauthorized access, and damage to credibility, according to private cybersecurity firm SANS Institute, headquartered in Maryland.